Systems and methods for protecting elementary bitstreams incorporating independently encoded tiles

ABSTRACT

Systems and methods for partial frame encryption in accordance with embodiments of the invention are disclosed. In one embodiment, the method receives a video bitstream that includes several frames, each frame including several independently encoded compression units within the frame, encrypts a portion of each of several compression units in several frames, and generates an output bitstream that includes the several independently encoded compression units including the encrypted portions of the compression units.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. application Ser. No. 15/693,016 filed on Aug. 31, 2017, entitled “Systems and Methods for Protecting Elementary Bitstreams Incorporating Independently Encoded Tiles” to Braness et al., which application is a continuation of U.S. application Ser. No. 14/821,454 filed on Aug. 7, 2015, entitled “Systems and Methods for Protecting Elementary Bitstreams Incorporating Independently Encoded Tiles” to Braness et al., which application claims the benefit of U.S. Provisional Patent Application No. 62/034,714 filed on Aug. 7, 2014, entitled “Systems and Methods for Protecting Elementary Bitstreams Incorporating Independently Encoded Tiles” to Braness et al., disclosures of which are incorporated herein by reference in their entireties.

FIELD OF INVENTION

The present invention relates to the field of encryption and decryption of video information. More specifically, the present invention is directed to methods and systems for generating a protected stream of compressed digital video using partial frame encryption.

BACKGROUND

Existing digital video compression techniques are complex processes which rely upon a variety of techniques in transforming (i.e., “encoding”) a unit of uncompressed video data into an encoded form. Such encoding permits fewer bits to be used in representing the content of the original uncompressed video data. The resultant encoded data is capable of being transformed using a reverse process (i.e., “decoding”) yielding a digital video unit of data that is either visually similar or identical to the original data. Modern techniques of digital video compression can achieve very high levels of compression.

The Motion Pictures Experts Group (MPEG) and the International Standards Organization (ISO) have produced various international standards specifying the video compression and decompression algorithms for video coding. These standards include MPEG-1, MPEG-2, MPEG-4, H.261, H.264, and the newer High-Efficiency Video Coding (HEVC) standard, which has significantly improved compression efficiency relative to its predecessors. In particular, HEVC is able to achieve a 2× compression ratio at a same subjective quality as compared to the prior H.264 standard. To achieve these compression optimizations, the HEVC standard has introduced several new tools designed specifically for parallel processing of video content on multi-core processor architectures. In particular, many smartphone and tablet architectures available on the market now utilize multi-core processors and thus are capable of playing back HEVC content using their multi-core architectures. Furthermore, with the growth of video traffic over networks, the HEVC standard provides certain tools that alleviate some of the bandwidth requirements for distributing high quality content.

Protecting the distribution of digital content from piracy and other types of unlawful distribution is yet another concern for content providers. The term Digital Rights Management (DRM) is utilized to describe access control technologies that are used to control access to and/or copying of digital content. DRM systems typically involve the use of cryptographic information to control access to or protect a piece of content. Content protection is typically achieved using cryptographic information such as (but not limited to) one or more encryption keys to encrypt content.

Various types of encryption schemes currently exist that may be used to protect data. In the digital world, encryption is often implemented by using a collection of bits of some length known as a “key” to execute a predictable transform on a unit of data. This yields another unit of data that cannot be “read” without knowledge of the key used to execute the transform. The process of encryption is only easily reversible to the extent the encrypting key or its counterpart (e.g., a “public” key) is available for use in transforming or “decrypting” the encrypted data back into the original form. Video data is often encrypted using a symmetric block cipher conforming to, for example the Data Encryption Standard (DES) or Advanced Encryption Standard (AES). The particular techniques used to encrypt digital content may yet consume further processing resources that need to be taken into account with respect to the encoding and distribution of content across a network.

SUMMARY OF THE INVENTION

Systems and methods for partial frame encryption in accordance with embodiments of the invention are disclosed. In one embodiment, the method receives a video bitstream that includes several frames, each frame including several independently encoded compression units within the frame, encrypts a portion of each of several compression units in several frames, and generates an output bitstream that includes the several independently encoded compression units including the encrypted portions of the compression units.

In a further embodiment or the invention, a compression unit is an independently decodable portion of a particular frame of video such that it does not depend upon another compression unit within the particular frame in order to be decoded.

In still a further embodiment of the invention, the method further parses a metadata header to identify locations of compression units within a frame of video, and encrypts a portion of the video bitstream based on the locations of the compression units.

In yet still a further embodiment of the invention, the method encrypts the portion of each of the plurality of compression units by determining that compression units are enabled based on information within a header associated with the video bitstream.

In yet a further embodiment of the invention still, the method further includes encrypting a portion of each compression unit in a frame of video.

In yet another embodiment of the invention, the portion is selected from the group consisting of i) a first N bytes of the compression unit, ii) a last N bytes of the compression unit, iii) a middle portion of N bytes within the compression unit and iv) a pattern of N bytes within the compression unit.

In still yet another embodiment of the invention, the compression units are tiles within a High-Efficiency Video Coding (HEVC) standard and the video bitstream is encoded based on the HEVC standard.

In yet another embodiment of the invention further still, the method further includes parsing a Picture Parameter Set (PPS) of the HEVC video bitstream to identify the structure of the tiles within the video bitstream, and encrypt portions of the tiles based on the structure.

In another embodiment of the invention again, the method further encrypts the portion of each of the several compression units using a common encryption format (CENC) to encrypt the portions.

Still another embodiment of the invention includes a content encoder that includes: a processor configured to communicate with a memory, where the memory contains an encoder application, where the encoder application directs the processor to: receive a video bitstream including several frames, each frame including several independently encoded compression units within the frame, encrypt a portion of each of several compression units in several frames, and generate an output bitstream including the several independently encoded compression units including the encrypted portions of the compression units.

In another embodiment of the invention, a compression unit is an independently decodable portion of a particular frame of video such that it does not depend upon another compression unit within the particular frame in order to be decoded.

In still another embodiment invention, the encoder application further directs the processor to parse a metadata header to identify locations of compression units within a frame of video, and encrypt a portion of the video bitstream based on the locations of the compression units.

In still yet another embodiment of the invention, encrypting the portion of each of the several compression units includes determining that compression units are enabled based on information within a header associated with the video bitstream.

In still yet another embodiment again, the encoder application further directs the processor to encrypt a portion of each compression unit in a frame of video.

In another embodiment of the invention again, the portion is selected from the group consisting of i) a first N bytes of the compression unit, ii) a last N bytes of the compression unit, iii) a middle portion of N bytes within the compression unit and iv) a pattern of N bytes within the compression unit.

In another further embodiment of the invention, the compression units are tiles within a High-Efficiency Video Coding (HEVC) standard and the video bitstream is encoded based on the HEVC standard.

In yet another embodiment of the invention again, the encoder application further directs the processor to parse a Picture Parameter Set (PPS) of the HEVC video bitstream to identify the structure of the tiles within the video bitstream, and encrypt portions of the tiles based on the structure.

In still a further embodiment of the invention again, encrypting the portion of each of the plurality of compression units includes using a common encryption format (CENC) to encrypt the portions.

In another embodiment of the invention, a content decoder includes: a processor configured to communicate with a memory, where the memory contains a decoder application, where the decoder application directs the processor to receive a video bitstream including several frames, each frame including several independently encoded compression units within the frame, decrypt a portion of each of several compression units in several frames, and generate an output decoded video for playback.

In yet another embodiment of the invention, a compression unit is an independently decodable portion of a particular frame of video such that it does not depend upon another compression unit within the particular frame in order to be decoded.

In yet another embodiment of the invention again, the decoder application further directs the processor to parse a metadata header to identify locations of compression units within a frame of video, and decrypt a portion of the video bitstream based on the locations of the compression units.

In still another embodiment of the invention again, decrypting the portion of each of the several compression units includes determining that compression units are enabled based on information within a header associated with the video bitstream.

In still another further embodiment of the invention, the decoder application further directs the processor to decrypt a portion of each compression unit in a frame of video.

In yet another embodiment of the invention again, the portion is selected from the group consisting of i) a first N bytes of the compression unit, ii) a last N bytes of the compression unit, iii) a middle portion of N bytes within the compression unit and iv) a pattern of N bytes within the compression unit.

In a further embodiment of the invention still, the compression units are tiles within a High-Efficiency Video Coding (HEVC) standard and the video bitstream is decoded based on the HEVC standard.

In another embodiment of the invention still, the decoder application further directs the processor to parse a Picture Parameter Set (PPS) of the HEVC video bitstream to identify the structure of the tiles within the video bitstream, and decrypt portions of the tiles based on the structure.

In yet still another embodiment of the invention, decrypting the portion of each of the plurality of compression units includes using a common encryption format (CENC) to decrypt the portions.

BRIEF DESCRIPTION OF FIGURES

FIG. 1 is a system diagram of a video encoding and delivery system in accordance with embodiments of the invention.

FIG. 2A conceptually illustrates a content encoder configured to generate partially encrypted content in accordance with embodiments of the invention.

FIG. 2B conceptually illustrates a content server configured to manage and distribute partially encrypted content in accordance with embodiments of the invention.

FIG. 2C conceptually illustrates a playback device configured to receive and play back partially encrypted content in accordance with embodiments of the invention.

FIG. 3 illustrates a process for partially encrypting content in accordance with embodiments of the invention.

FIG. 4 illustrates a process for partially encrypting content in accordance with embodiments of the invention.

FIG. 5 illustrates a process for decoding and playing back partially encrypted content in accordance with embodiments of the invention.

FIG. 6 illustrates an example of tiles within a frame of video in accordance with embodiments of the invention.

FIG. 7 illustrates an example of a syntax structure for tiles in an HEVC video in accordance with embodiments of the invention.

DETAILED DESCRIPTION

As described above, different techniques may be used to encrypt content, and each may consume different amounts of processing resources in addition to the processing costs associated with the compression technique (e.g., H.264 or HEVC) being utilized to compress or encode the video content. Accordingly, many embodiments of the invention are able to achieve efficiency in generating a protected compressed video sequence that has encrypted frames by encrypting only portions of a frame, rather than the entire frame. These techniques may generally be referred to as “partial frame encryption” since they encrypt only portions of a frame. The one or more portions that are encrypted within a frame of video can be specified within the frame by a start location and length. Often, this information may be provided within a header associated with the frame and used by a decoder to locate the encrypted portions of the frame for decryption.

In many video compression formats such as H.264/MPEG-4 AVC (Advanced Video Coding), there are dependencies within a frame and across multiple frames (due to compression algorithms). Because of the dependencies, when a portion that is encrypted cannot be decrypted and therefore cannot be played back properly, other portions within the frame or in other frames that depend on the encrypted portion also cannot be played back. Thus, in an AVC encoded bitstream, encrypting the beginning x number of bytes of a frame or sequence of units often is sufficient to prevent the decoding of many other parts of the frame or other units.

Many embodiments may utilize the ISO/IEC 23001-7:2012 Common Encryption Scheme (CENC) standard for encryption, which is an industry encryption standard that specifies standard encryption and key mapping methods that can be utilized by one or more digital rights and key management systems (DRM systems) to enable decryption of the same file using different DRM systems. The scheme allows for encrypting multiple discontinuous portions of a frame.

Some video compression formats such as High Efficiency Video Coding (HEVC) allow for portions of a frame to be independently encoded and decoded, without reference to or dependence from information in other portions, which enables the simultaneous parallel processing of different portions of a frame video. One such feature designed to enable parallel processing is “tiles” in HEVC. In particular, tiles can be used for encoding and decoding portions of a frame simultaneously by different processors, by dividing a picture into rectangular areas (tiles), where each tile consists of a number of coding tree units (CTUs).

Tiles can be contained within a single NAL (Network Abstraction Layer) unit or slice. Similar independently decodable portions of a frame can be referred to across different encoding formats as compression units (i.e., tiles in HEVC). Compression units enable parallelism when decoding the bitstream as they can be processed independently of each other. In an HEVC encoded stream with tiles enabled, if merely the first x bytes of the video NAL units or frame were encrypted, other portions (tiles) may be fully decodable without having to decrypt the encrypted portion(s) because of their independence from the encrypted portion(s).

Thus, in many embodiments, the security of an encoded bitstream having tiles (or other compression units) can be improved by encrypting at least a portion of multiple tiles within a frame to render more of the frame unrecoverable without decrypting the encrypted portions. In several embodiments, an encoder and/or encoding process can be designed to decode at least part of the bitstream to determine where tiles are located and encrypt portions of tiles. The encoder may acquire information concerning the structure and/or location of tiles in order to encrypt information within multiple tiles and protect more of the bitstream from being decoded without being decrypted. Methods for acquiring this information regarding tiles (or other independently decodable units) can include parsing a NAL unit header to determine the start location of one or more tiles. Systems and methods for partial frame encryption of compression units in accordance with embodiments of the invention are discussed further below.

System Architecture for Partial Encoding and Playing Back Video Using Partial Frame Encryption

As described above, many new compression standards provide new tools that allow for the parallel processing (i.e., encoding and decoding) of video content on multi-core architectures. These tools include, for example, the use of “tiles” in the HEVC standard, among other types of similar, independently decodable compression units that may be utilized to partition a frame of video content into separate decodable units. As will be described throughout this application, compression units (e.g., tiles in HEVC) may generally refer to partitioned and/or independently decodable portions of a single frame of video for a given encoding standard. Furthermore, “tiles” are a type of compression unit that has been introduced within the HEVC standard. Although many of the examples below describe partial frame encryption of tiles based on video compressed according to the HEVC standard, partial frame encryption may be used to encrypt video that has been compressed according to any other standards which uses similar types of compression units to partition a video frame as appropriate to the requirements of specific applications in accordance with embodiments of the invention.

Furthermore, in order to protect digital content that has been compressed using independently decodable compression units, certain encryption techniques may be used that apply partial frame encryption to one or more portions of the compression units (i.e., tiles) within a frame of video. In particular, in the newer standards (e.g., HEVC) that have been designed to allow for the independent decoding of compression units within a frame of video, it may no longer be sufficient to encrypt only a portion of a total video frame (i.e., video picture) based on the compression standard design that other portions would have inter-frame dependencies that would require the proper decryption of the encrypted frame. As described above, within these older compression standards, because of the dependencies between different portions of a single video frame, when a portion that is encrypted cannot be decrypted and therefore cannot be played back properly, other portions within the frame or in other frames that depend on the encrypted portion also cannot be played back. Thus, in many embodiments, partial frame encryption may be applied to portions of one or more compression units within a frame of video. A system for encoding video content using partial frame encryption in accordance with an embodiment of the invention is illustrated in FIG. 1.

The system 100 includes a content encoder 102 configured to encode source media into encoded video. In several embodiments, the content encoder may encode content using a compression standard that allows for the parallel processing of the content (e.g., HEVC standard) by generating, for example, compression units (e.g., tiles) within each frame of video that allow for the independent encoding/decoding of portions of a frame without reference to other portions of the frame of video. In particular, in several embodiments, the content encoder may encode the content using the HEVC standard to encode frames of video content. The HEVC standard may also generate one or more independently decodable tiles for each frame of video.

In addition to encoding frames of video based on a compression standard (e.g., HEVC), in many embodiments, the content encoder 106 may further encrypt portions of the video content to protect the content from unlawful distribution. In order to reduce the overhead costs associated with encrypting video content, in many embodiments, the content encoder 106 encodes the video content using partial frame encryption whereby only a portion of one or more compression units (i.e., tiles) within a frame of video are encrypted (rather than encrypting the entire frame of video content). In some embodiments, the content encoder encrypts the starting x number of bytes of each tile within a frame of video. Other embodiments may encrypt different portions of a tile, including the x bytes located somewhere within the bitstream, the ending x bytes, or any other combination of bytes within the tile as appropriate to the requirements of specific application. In certain embodiments, the content encoder may encrypt a same portion of every tile in a frame. In other embodiments, the content encoder may encrypt different portions of different tiles. In several embodiments, the content encoder may encrypt portions of only certain tiles (e.g., less than all tiles) within a frame of video. As can readily be appreciated, container files that contain the encrypted video can include a separate DRM track that contains information concerning the location of the encrypted portions of tiles within a frame and/or the cryptographic information utilized to encrypt all or each of the encrypted portions.

In some embodiments, the content encoder 106 stores the content in a Matroska (MKV) container file. The Matroska container is a media container developed as an open standard project by the Matroska non-profit organization of Aussonne, France. The Matroska container is based upon Extensible Bindary Meta Language (EBML), which is a binary derivative of the Extensible Markup Language (XML). Decoding of the Matroska container is supported by many consumer electronic (CE) devices. In other embodiments, any of a variety of container file formats can be utilized including (but not limited to) the MP4 container file format specified by the Motion Picture Experts Group as MPEG-4 Part 14 as appropriate to the requirements of specific applications.

In some embodiments, after the content encoder 106 has compressed and/or encrypted a video sequence, the content encoder 106 uploads the encoded video to the content server 102.

In many embodiments, the content server 102 facilitates the distribution of the source media to one or more playback devices 108-114. Content servers 102 in accordance with several embodiments of the invention can be responsible for storing protected content for distribution to playback devices. In many embodiments, the content server receives and processes download requests from the variety of playback devices 108-114 that seek to download the encoded video. In some embodiments, a device may request either to (i) download the entire file, or (ii) receive a streamed video for playback in either a progressive or adaptive streaming mode. When the distribution server receives a download request from a playback device, it can provide the playback device with the encoded video for storage and/or playback.

A downloaded video file may include one or more headers that contain data describing the structure of the compression units (e.g., tiles in HEVC encoded video) within frames of video. The headers may include pointers to the start location of one or more tiles. In some embodiments, the location of tiles within an encoded HEVC video sequence may be specified in a picture parameter structure (PPS) that provides information regarding the tile structure within one or more frames of video. In some embodiments, the tiles may be fixed at certain locations within a frame while in other embodiments, the tiles may be at different locations for different frames of video. A decoder on a playback device may use this information to determine the portions of a frame that need to be decrypted in order to play back the video file.

In some embodiments, the content server 102 receives stream requests from a variety of playback devices and subsequently streams the encoded video to the playback devices for progressive playback and/or as part of an adaptive bitrate streaming system. In several embodiments, the variety of playback devices can use HTTP or another appropriate stateless protocol to request streams via a network 104 such as the internet. In several embodiments, a variety of playback devices can use RTSP whereby the distribution server records the state of each playback device and determines the video to stream based upon instructions received from the playback devices and stored data describing the state of the playback device.

In several embodiments, the DRM server 116 (digital rights management) facilitates the authorization and access to the source media, including managing the keys required to encrypt/decrypt the source media.

DRM servers 116 in accordance with certain embodiments of the invention can be responsible for storing protected streams and/or files of content for distribution (e.g. streaming and/or downloading) to playback devices. DRM servers can also store common cryptographic information utilized to protect the content. In several embodiments, the common cryptographic information is identified utilizing an identifier associated with the common cryptographic information and a piece of content.

In the illustrated embodiment, playback devices include personal computers 108-110, and mobile phones 112-114. In other embodiments, playback devices can include consumer electronics devices such as DVD players, Blu-ray players, televisions, set top boxes, video game consoles, tablets, and other devices that are capable of connecting to a server via HTTP and playing back encoded video.

In the illustrated embodiment, the content encoder, content server and DRM server are server application configured to execute on server computer hardware. In other embodiments, the content encoder, content server and DRM server can be any processing device including a processor and having sufficient resources to perform the encryption, distribution, and digital rights management of source media including (but not limited to) video, audio, and/or subtitles. Although a specific architecture is shown in FIG. 1 any of a variety of architectures can be utilized that enable playback devices to request encoded video with partial frame encryption as appropriate to the requirements of specific applications in accordance with embodiments of the invention.

The basic architecture of a content encoder 202 in accordance with an embodiment of the invention is illustrated in FIG. 2A. The content encoder 202 includes a processor 204 in communication with non-volatile memory 208, volatile memory 206, and a network interface 214. In the illustrated embodiment, the non-volatile memory includes a content encoder application 210 that configures the processor to encode content 212. In several embodiments, the content encoder application 210 encrypts content using partial frame encryption such that only portions of one or more compression units (e.g., tiles) are encrypted within a frame of video, rather than the entire frame, to reduce the overhead associated with the encryption of the compressed video.

In several embodiments, the network interface 214 may be in communication with the processor 204, the volatile memory 206 and/or the non-volatile memory 208. Although a specific content encoder architecture is illustrated in FIG. 2A, any of a variety of architectures including architectures where the content encoder application is located on disk or some other form of storage and is loaded into volatile memory at runtime can be utilized to implement content encoders in accordance with embodiments of the invention.

The basic architecture of a content server 222 in accordance with an embodiment of the invention is illustrated in FIG. 2B. The content server 222 includes a processor 224 in communication with non-volatile memory 228, volatile memory 226, and a network interface 234. In the illustrated embodiment, the non-volatile memory includes a content distribution application 230 that configures the processor to distribute content 232. In several embodiments, the network interface 234 may be in communication with the processor 224, the volatile memory 226 and/or the non-volatile memory 228. Although a specific content server architecture is illustrated in FIG. 2B, any of a variety of architectures including architectures where the content distribution application is located on disk or some other form of storage and is loaded into volatile memory at runtime can be utilized to implement content servers in accordance with embodiments of the invention.

The basic architecture of a playback device in accordance with an embodiment of the invention is illustrated in FIG. 2C. The playback device 252 includes a processor 254 in communication with non-volatile memory 258, volatile memory 256, and a network interface 240. In the illustrated embodiment, the non-volatile memory includes a decoder application 260 that configures the processor to decode content 262. In some embodiments, the decoder application 260 uses information provided within video container file and/or video stream to identify the location of compression units within a frame of video and decrypts only certain portions of the compression units in order to decode the video.

In several embodiments, the network interface 264 may be in communication with the processor 254, the volatile memory 256, and/or the non-volatile memory 258. Although a specific playback device architecture is illustrated in FIG. 2C, any of a variety of architectures including architectures where the decoder application is located on disk or some other form of storage and is loaded into volatile memory at runtime can be utilized to implement playback devices in accordance with embodiments of the invention.

Systems and Methods for Partial Frame Encryption

As described above, some video compression formats (e.g., HEVC) allow for portions of a frame (e.g., compression units or tiles) to be independently encoded and decoded, without reference to or dependence from information in other portions of the frame (or other frames). These independently decodable portions of a frame can be referred to across different encoding formats as compression units. Thus during encryption of a stream with independent compression units, if merely the first x bytes of the frame were encrypted, other portions (compression unites or tiles) may be fully decodable without having to decrypt the encrypted portions of the compression units because of their independence from the encrypted compression units. Thus, the security of an encoded bitstream having tiles (or other compression units) can be improved by encrypting at least a portion of multiple tiles within a frame to render more of the frame unrecoverable without decrypting the encrypted portions. A process for partial frame encryption of compression units of a video bitstream in accordance with an embodiment of the invention is illustrated in FIG. 3.

The process receives (at 302) video data. In some embodiments, the process may download video data from one or more content distributors. In other embodiments, the process may stream video data during video playback.

The process determines (at 304) locations of a plurality of compression units within the video data. The locations may be determined based on information provided by one or more header(s) associated with a frame of video. In some embodiments, the header may provide information regarding the start location of each compression unit within the frame. In some embodiments, the location of each compression unit may be fixed within each frame of video and thus may not need to be identified by a header. For example, an encoder may be pre-programmed with information regarding the structure of a video sequence.

The process determines (at 306) a portion of each compression unit within a frame of video to encrypt. In some embodiments, the process determines a fixed x bytes of each compression unit should be encrypted. In several embodiments, the process determines different portions of different compression units based on characteristics of the compression units. In other embodiments, the process may encode the middle or last x number of bytes in one or more compression units for a frame of video. In certain embodiments, the process may not encrypt certain frames of video while only encrypting portions of other frames of video. As can readily be appreciated, the specific portions of particular frames that are encrypted and the manner of encryption is typically dependent upon the requirements of the application.

The process encrypts (at 308) the portions of the compression units. In some embodiments, the process encrypts the portions using a standard DES and/or AES cipher. Other embodiments may use other encryption mechanisms as appropriate to the requirements of specific applications.

The process generates (at 310) an output bitstream containing compression units with portions that have been encrypted. The process then ends.

Although a specific process for encrypting portions of compression units is described in FIG. 3, any of a variety of processes may be utilized to encrypt portions of compression units as appropriate to the requirements of specific applications in accordance with embodiments of the invention.

Overview of HEVC Standard

As described above, the HEVC video compression standard includes several new tools designed for playback of video content using multi-core architectures that support parallel processing. The tools include Wavefront Parallel Processing (WPP) and tiles, in addition to slice structures. When WPP and/or tiles are used, the video bitstream corresponding to one picture may be packetized into independently decodable subsets of bitstreams. In particular, HEVC includes independently decodable tiles that partition a frame of video into rectangular regions of certain sizes. An example of tiles within a frame of video in accordance with embodiments of the invention is illustrated in FIG. 6. In particular, FIG. 6 is a diagram illustrating an example of evenly partitioning a frame in the horizontal and the vertical dimensions into nine tiles, tile 1 at the top left corner to tile 9 at the bottom right corner. Each tile includes a coding tree unit.

Tile related parameters may be signaled in a Picture Parameter Set (PPS) in HEVC. Within a video sequence, different pictures may be allowed to use different PPS's. The tile parameters may change from picture to picture in the same video sequence. In most video applications, the number of tiles and the locations of the tiles are likely to remain the same within a video sequence (e.g., a series of pictures), however, situations may arise where not only the configurations of tiles may be allowed to change from picture to picture in the same video sequence, but also the grouping of tiles may be allowed to change from picture to picture.

FIG. 7 illustrates an example of a syntax structure for tiles in Picture Parameter Set (PPS) in an HEVC video. If a tiles_enabled_flag is turned on, then the number of tiles in each dimension may be signaled. If the tiles are uniformly sized (e.g., if uniform_spacing_flag is 1), then no additional information may be signaled. The width and height of the tiles may be signaled. For example, as shown in FIG. 7, num_tile_columns_minus1 and num_tile_rows_minus1 may be set to 2 and uniform_spacing_flag may be set to 1.

An encoder may change how the tiles are partitioned from fame to frame by the encoder signaling a new PPS with new tile partition parameters. In many embodiments, tiles need not remain equally sized compared to each other, or the same size compared to the same tile at an earlier instance. In particular, the encoder may signal a new PPS with new tile partition parameters that would apply to a new set of one or more frames.

Partial Frame Encryption in HEVC

As described above, the HEVC standard introduces certain tools that support high level parallel processing. In particular, HEVC includes tiles, which allow a frame to be split into rectangular regions, which can then be independently encoded and decoded. A frame may be split uniformly or non-uniformily as tiles. An entry point for each tile may be specified in a slice header. In order to allow for partial encryption of a video file using the HEVC standard, many embodiments of the invention may partially encrypt multiple tiles in order to encrypt the video content. A process for partial encryption of HEVC tiles in accordance with an embodiment of the invention is illustrated in FIG. 4.

The process determines (at 402) if tiles are enabled. In many embodiments, when tiles are enabled, a bit stream may contain entry point offsets that indicate the start position of each picture partition which is necessary for each core to immediately access the partition.

The process determines (at 404) the structure of NAL units within a frame and/or bitstream.

The process determines (at 406) the structure of tiles within a NAL unit. In some embodiments, the process parses a NAL header to determine the start locations of each tile within a frame of video. In some embodiments, HEVC tiles may partition a picture into rectangular regions of certain sizes. The parameter structure for tiles may be specified in a Picture Parameter Set (PPS), video usability information (VUI), and/or a supplemental enhancement information (SEI) message, in HEVC. An example of a PPS in HEVC is illustrated in FIG. 7. If a tiles_enabled_flag is turned on, then the number of tiles in each dimension may be signaled. In some embodiments, if the tiles are uniformily sized (e.g., if uniform_spacing_flag is 1), then no additional information may be signaled. The PPS may also signal the width and height of tiles,

The process selects (at 408) a number of NAL units. In some embodiments, the process may select all of the NAL units. In certain embodiments, the process may select one or more NAL units.

The process selects (at 410) a number of tiles within each of the selected NAL units. In some embodiments, an encoder may change how the tiles are partitioned from picture to picture by the encoder signaling a new PPS with new tile partition parameters. FIG. 7 illustrates an example of signaling tiles in a PPS. In some embodiments, the tiles may be different sizes compared to each other, or different sizes compared to the same tile at an earlier instance. In some embodiments, the encoder may signal a new PPS with new tile partition parameters for each new picture, or when the tile partitions change from a previous picture.

The process encrypts at least a portion of the selected tiles. In some embodiments, the process may encrypt the first x number of bytes, ending x bytes, or some x number of bytes that lie within a certain portion of the bitstream of the tile. In several embodiments, the process may encrypt a number of blocks within the tile. Other embodiments may encrypt other portions of a tile as appropriate to the requirements of specific applications. In many embodiments, the process encrypts the portions of tiles using a common encryption format (CENC) that uses a common specification regarding how to encrypt bitstreams. The CENC specifies industry standard encryption and key mapping methods that can be used by DRM systems to enable decryption of files. The scheme operates by defining a common format for the encryption related metadata necessary to decrypt protected streams. The scheme leaves the details of rights mappings, key acquisition and storage, DRM compliance rules, among various other considerations, up to the DRM system supporting the CENC scheme. Furthermore, in many embodiments, encryption information may be stored within the MKV containers.

The process then ends. Although a specific process for encrypting a portion of tiles in an HEVC video content are described in FIG. 4, any of a variety of processes may be utilized to encrypt portions of tiles as appropriate to the requirements of specific applications in accordance with embodiments of the invention.

Decoding Partially Encrypted Video

A process for decoding partially encrypted video in accordance with an embodiment of the invention is illustrated in FIG. 5.

The process receives (at 502) encrypted video data. In some embodiments, the process may download, stream, and/or stream to download video content from a content provider. In other embodiments, the video data may be stored on a disk or obtained by any other mechanism as appropriate to the requirements of specific applications.

The process determines (at 504) the locations of a plurality of compression units (e.g., tiles in HEVC) within the video data. In some embodiments, the locations of the tiles may be fixed within one or more frames of video. In other embodiments, the locations of tiles may change between frames, or sets of frames. The location of tiles may be determined based on information contained within a PPS corresponding to a frame. In particular, the process may parse the PPS to identify the particular bytes within a tile that have been encrypted.

The process determines (at 506) if compression units are encrypted and decrypts the encrypted compression units. In some embodiments, the process may obtain a decryption key for decrypting the encrypted content. The decryption key may be obtained based on authorizations received from a DRM service associated with the content.

The process decodes (at 508) the compression units. In many embodiments, the process decodes the content based on the particular compression standard used to encode the video (e.g. HEVC video).

The process generates (at 510) output decoded video for playback. The process then ends.

Although a specific process for decrypting portions of compression units in video content are described in FIG. 5, any of a variety of processes may be utilized to decrypt portions of compression units in video content as appropriate to the requirements of specific applications in accordance with embodiments of the invention.

Although the present invention has been described in certain specific aspects, many additional modifications and variations would be apparent to those skilled in the art. It is therefore to be understood that the present invention may be practices otherwise than specifically described. Thus, embodiments of the present invention should be considered in all respects as illustrative and not restrictive.

Furthermore, the foregoing discussion discloses and describes merely exemplary embodiments of the present invention. One skilled in the art will readily recognize from such discussion and from the accompanying drawings that various changes, modifications and variations may be made therein without departing from the spirit and scope of the invention. Therefore, it is intended that the invention may not be limited to the particular embodiment disclosed, but that the invention will include all embodiments falling within the scope of the appended claims. 

What is claimed is:
 1. A non-transitory machine readable medium containing processor instructions, where execution of the instructions by a set of one or more processors causes the set of processors to perform a process comprising: receiving an encoded video bitstream comprising a plurality of frames, each frame comprising a plurality of independently encoded compression units within the frame, wherein each independently encoded compression unit is a tile; for each frame of the plurality of frames: receiving a metadata header identifying the locations of the plurality of independently encoded compression units within the frame; receiving encryption information identifying locations of encrypted portions of the plurality of independently encoded compression units in the frame; decrypting the encrypted portions of each of a plurality of compression units in the frame based on the received metadata header and the received encryption information; and upon decrypting the encrypted portions of the plurality of compression units of the frame, decoding, by a plurality of processors in parallel, the frame with the decrypted plurality of compression units.
 2. The non-transitory machine readable medium of claim 1, wherein a compression unit is an independently decodable portion of a particular frame of video such that it does not depend upon another compression unit within the particular frame in order to be decoded.
 3. The non-transitory machine readable medium of claim 1, wherein decrypting the portion of each of the plurality of compression units comprises determining that compression units are in a state of being enabled based on information within a header associated with the video bitstream.
 4. The non-transitory machine readable medium of claim 1, wherein each portion of the encrypted portions is selected from the group consisting of i) a first N bytes of the compression unit, ii) a last N bytes of the compression unit, iii) a middle portion of N bytes within the compression unit and iv) a pattern of N bytes within the compression unit.
 5. The non-transitory machine readable medium of claim 1, wherein the compression units are tiles within a High-Efficiency Video Coding (HEVC) standard and the video bitstream is encoded based on the HEVC standard.
 6. The non-transitory machine readable medium of claim 5, wherein the metadata header includes a Picture Parameter Set (PPS) of the HEVC video bitstream to identify a structure of the tiles within the video bitstream.
 7. The non-transitory machine readable medium of claim 1, wherein decrypting the encrypted portions of each of the plurality of compression units comprises using a common encryption format (CENC) to decrypt the portions.
 8. A content decoder comprising: a memory; a processor configured to communicate with the memory, where the memory contains instructions; wherein execution of the instructions by the processor causes the processor to: receive an encoded video bitstream comprising a plurality of frames, each frame comprising a plurality of independently encoded compression units within the frame, wherein each independently encoded compression unit is a tile; for each frame of the plurality of frames: receiving a metadata header identifying the locations of the plurality of independently encoded compression units within the frame; receive encryption information identifying locations of encrypted portions of the plurality of independently encoded compression units in the frame; decrypt the encrypted portions of each of a plurality of compression units in the frame based on the received metadata header and the received encryption information; and upon decrypting the encrypted portions of the plurality of compression units of the frame, decode, by a plurality of processors in parallel, the frame with the decrypted plurality of compression units.
 9. The content decoder claim 8, wherein a compression unit is an independently decodable portion of a particular frame of video such that it does not depend upon another compression unit within the particular frame in order to be decoded.
 10. The content decoder of claim 8, wherein decrypting the portion of each of the plurality of compression units comprises determining that compression units are in a state of being enabled based on information within a header associated with the video bitstream.
 11. The content decoder of claim 8, wherein the portion is selected from the group consisting of i) a first N bytes of the compression unit, ii) a last N bytes of the compression unit, iii) a middle portion of N bytes within the compression unit and iv) a pattern of N bytes within the compression unit.
 12. The content decoder of claim 8, wherein the compression units are tiles within a High-Efficiency Video Coding (HEVC) standard and the video bitstream is decoded based on the HEVC standard.
 13. The content decoder claim 12, wherein the metadata header includes a Picture Parameter Set (PPS) of the HEVC video bitstream to identify a structure of the tiles within the video bitstream.
 14. The content decoder claim 8, wherein decrypting the encrypted portions of each of the plurality of compression units comprises using a common encryption format (CENC) to decrypt the portions. 